H3C Switch Configuration in Detail
1. User configuration:
[H3c]super password h3c Set the user level password
[H3c]undo super password Delete the user level password
[H3c]localuser bigheap 123456 1 Set a Web management user; 1 (the default) means an administrative user; the default is Admin,admin
[H3c]undo localuser bigheap Delete the Web management user
[H3c]user-interface aux 0 Only 0 is supported
[H3c-aux]idle-timeout 2 50 Set the timeout to 2 minutes 50 seconds; 0 means no timeout; the default is 5 minutes
[H3c-aux]undo idle-timeout Restore the default value
[H3c]user-interface vty 0 Only 0 and 1 are supported
[H3c-vty]idle-timeout 2 50 Set the timeout to 2 minutes 50 seconds; 0 means no timeout; the default is 5 minutes
[H3c-vty]undo idle-timeout Restore the default value
[H3c-vty]set authentication password 123456 Set the Telnet password; it must be set
[H3c-vty]undo set authentication password Cancel the password
[H3c]display users Display the users
[H3c]display user-interface Display user interface status
2. System IP configuration:
[H3c]vlan 20
[H3c]management-vlan 20
[H3c]interface Vlan-interface 20 Create and enter the management VLAN interface
[H3c]undo interface Vlan-interface 20 Delete the management VLAN interface
[H3c-vlan-interface20]ip address 192.168.1.2 255.255.255.0 Configure a static IP address on the management VLAN interface (default is 192.168.0.234)
[H3c-vlan-interface20]undo ip address Delete the IP address
[H3c-vlan-interface20]ip gateway 192.168.1.1 Specify the default gateway (no gateway address by default)
[H3c-vlan-interface20]undo ip gateway
[H3c-vlan-interface20]shutdown Shut down the interface
[H3c-vlan-interface20]undo shutdown Open the interface
[H3c]display ip Display IP information for the management VLAN interface
[H3c]display interface Vlan-interface 20 View interface information for the management VLAN
3. DHCP client configuration:
[H3c-vlan-interface20]ip address dhcp-alloc The management VLAN interface obtains its IP address by means of DHCP
[H3c-vlan-interface20]undo ip address dhcp-alloc Cancel
[H3c]display dhcp Display DHCP client information
4. Port configuration:
[H3c]interface Ethernet0/3
[H3c-ethernet0/3]shutdown
[H3c-ethernet0/3]speed 100 Set the rate; can be 10, 100, 1000 or auto (default)
[H3c-ethernet0/3]duplex full Set the duplex mode; can be half, full or auto (default); cannot be configured on optical ports or after aggregation
[H3c-ethernet0/3]flow-control Turn on flow control; off by default
[H3c-ethernet0/3]broadcast-suppression 20 Set the broadcast suppression percentage to 20%; can be 5, 10, 20 or 100; the default is 100; multicast and unknown unicast are also affected by this
[H3c-ethernet0/3]loopback internal Internal loopback test
[H3c-ethernet0/3]loopback external External loopback test; requires a loopback plug; the port must be in full-duplex or auto-negotiation mode
[H3c-ethernet0/3]port link-type trunk Set the link type to trunk; can be access (default) or trunk
[H3c-ethernet0/3]port trunk pvid vlan 20 Set VLAN 20 as the default VLAN of the trunk; the default is 1
(The PVID on both ends of the trunk link must be consistent)
[H3c-ethernet0/3]port access vlan 20 Add the current access port to the specified VLAN
[H3c-ethernet0/3]port trunk permit vlan all Allow all VLANs to pass through the current trunk port; this command can be used multiple times
[H3c-ethernet0/3]mdi auto Set the Ethernet port to automatic detection; normal (default) is a straight-through cable, across is a crossover cable
[H3c]link-aggregation Ethernet 0/1 to Ethernet 0/4 Add ports 1-4 to the aggregation group; port 1 is the primary port; both sides need to be configured simultaneously; ports with port mirroring or port isolation set cannot be aggregated
[H3c]undo link-aggregation Ethernet 0/1 Delete the aggregation group
[H3c]link-aggregation mode egress Configure the port aggregation mode as load sharing based on destination MAC address; can be ingress, egress or both; the default is both
[H3c]monitor-port Ethernet 0/2 Set the port as the mirror port; the mirror port must be set first, and on deletion the mirrored ports must be deleted first; the mirror port and a mirrored port cannot be the same port; the port cannot be in an aggregation group; a new mirror port replaces the old one, and the mirrored ports are unchanged
[H3c]mirroring-port Ethernet 0/3 to Ethernet 0/4 both Set ports 3 and 4 as mirrored ports; both monitors incoming and outgoing packets, inbound monitors only received packets, outbound monitors only sent packets
[H3c]display mirror
[H3c]display interface Ethernet 0/3
[H3c]display link-aggregation Ethernet 0/3 Display port aggregation information
[H3c-ethernet0/3]virtual-cable-test Diagnose the cable condition of the port
5. VLAN configuration:
[H3c]vlan 2
[H3c]undo vlan all Remove all VLANs except the default VLAN; the default VLAN cannot be deleted
[H3c-vlan2]port Ethernet 0/4 to Ethernet 0/7 Add ports 4 through 7 to VLAN2; this command can only be used to add access ports and cannot be used to add trunk or hybrid ports
[H3c-vlan2]port-isolate enable Turn on the VLAN port isolation feature (no Layer 2 forwarding); not enabled by default
[H3c-ethernet0/4]port-isolate uplink-port vlan 2 Set port 4 as the isolation uplink port of VLAN2, used for forwarding Layer 2 data; only one uplink port can be configured; if it is a trunk, it is recommended to allow all VLANs through; isolation cannot be configured at the same time as aggregation
[H3c]display vlan all Show detailed information for all VLANs
The S1550E supports port-based VLANs by creating different user-groups; one port can belong to multiple user-groups; ports that do not belong to the same user-group cannot communicate with each other; up to 50 user-groups are supported
[H3c]user-group 20 Create user-group 20; by default only user-group 1 exists
[H3c-usergroup20]port Ethernet 0/4 to Ethernet 0/7 Add ports 4 to 7 to VLAN20; initially they are in user-group 1
[H3c]display user-group 20 Show information about user-group 20
6. Cluster configuration:
The S2100 can only join a cluster as a member switch; after joining, the system name changes to the format "cluster name_member number.original system name".
Plug and play is provided through two features: cluster management protocol MAC multicast address negotiation and management VLAN negotiation
[H3c]cluster enable Enable the cluster feature; enabled by default
[H3c]cluster Enter the cluster view
[H3c-cluster]administrator-address h-h-h name Switch h-h-h is the MAC of the command switch; join the Switch cluster
[Switch_1.h3c-cluster]undo administrator-address Exit the cluster
[H3c]display cluster Display cluster information
[H3c]management-vlan 2 Cluster messages can only be forwarded in the management VLAN; members of the same cluster need to be in the same management VLAN; the management VLAN must be specified before the cluster is established
7. QoS configuration:
QoS configuration steps: set the priority of the port, set the priority mode the switch trusts for packets, queue scheduling, port rate limiting
[H3c-ethernet0/3]priority 7 Set the port priority to 7; the default is 0
[H3c]priority-trust cos Set the priority the switch trusts for packets to CoS (802.1p priority, default); can also be set to dscp (DSCP priority mode)
[H3c]queue-scheduler hq-wrr 2 4 6 8 Set the queue scheduling algorithm to HQ-WRR (default is WRR); the weights are 2, 4, 6, 8
[H3c-ethernet0/3]line-rate inbound 29 Limit the port inbound rate to 2Mbps; for values 1-28 the rate is rate*8*1024/125, that is, 64, 128, 192 ... 1.792M; for 29-127 the rate is (rate-27)*1024, i.e. 2M, 3M, 4M ... 100M; gigabit ports can continue with 128-240, where the rate is (rate-115)*8*1024, that is 104M, 112M, 120M ... 1000M
[H3c]display queue-scheduler Display the queue scheduling mode and parameters
[H3c]display priority-trust Show the priority trust mode
8. System management:
[H3c]mac-address blackhole h-h-h vlan 1 Add a blackhole MAC in VLAN1
[H3c]mac-address static h-h-h interface Ethernet 0/1 vlan 1 Add a MAC to port 1 in VLAN1
[H3c]mac-address timer aging 500 Set the MAC address table aging time to 500s
[H3c]display mac-address
[H3c]display arp
[H3c]mac-address port-binding h-h-h interface Ethernet 0/1 vlan 1 Configure port binding
[H3c]display mac-address port-binding
[H3c]display saved-configuration
[H3c]display current-configuration
[H3c]restore default Restore the switch to factory defaults; takes effect after a reboot
[H3c]display version
[H3c]display device
[H3c]sysname Bigheap
[H3c]info-center enable Enable the system logging feature; enabled by default
[H3c]info-center loghost ip 192.168.0.3 Output information to the specified log host (UNIX or Linux only, not Windows); the log function must be turned on first; off by default
[H3c]info-center loghost level 8 Set the system log level to 8; the default is 5. Level description: 1.emergencies 2.alerts 3.critical 4.errors 5.warnings 6.notifications 7.informational 8.debugging
[H3c]display info-center Display the system log configuration and buffer record information
[H3c]display logbuffer Display the specified number of most recent records in the log buffer
[H3c]display trapbuffer Display the specified number of most recent records in the alarm buffer
9. Network protocol configuration:
NDP is the Neighbor Discovery Protocol; the S1550E can only turn NDP on or off and cannot configure it; the default valid retention time is 180s and the NDP message send interval is 60s
[H3c]ndp enable Enabled by default
[H3c-ethernet0/3]ndp enable Enabled by default
[H3c]display ndp Display NDP configuration information
[H3c]display ndp interface Ethernet 0/1 Show the neighbor information discovered by NDP on the specified port
HABP (Authentication Bypass Protocol) addresses the problem that, when 802.1X and HGMP are configured simultaneously on the switch, HGMP V1/V2 messages are filtered on ports that have not been authorized and authenticated, which makes it impossible for the management device to manage the attached switches. 802.1X authentication is ignored when the switch starts HABP.
HABP includes a server and clients: the server sends messages periodically, and the client responds and forwards them downstream; the server typically runs on the management device and the client on the attached device; the 1550E only supports the client.
[H3c]habp enable Start the HABP feature; started by default; the default is client mode after startup
NTDP is the Neighbor Topology Discovery Protocol, used to collect network topology information; it works with NDP for cluster management; on the S1550E the configuration mainly consists of turning the feature on and off and turning the debug function on and off.
[H3c]ntdp enable Enabled by default
[H3c-ethernet0/3]ntdp enable Enabled by default
10. SNMP configuration:
The S1550E supports SNMPv1 and SNMPv2c; the main configuration includes: setting the community name, setting system information, setting the address of the trap target host, allowing or prohibiting the sending of traps, and prohibiting the SNMP agent from running
[H3c]snmp-agent community read Bigheap Set up the Bigheap community with read-only access
[H3c]snmp-agent max-size 1600 Set the maximum size of SNMP packets that the agent can accept/send to 1600 bytes; the default is 1500
[H3c]snmp-agent sys-info contact #27345 location Diqiu version v2c Set the system information, version v2c; by default the contact is "R/R Hangzhou, H3C Technologies Co., Ltd.", the location is "Hangzhou China", and the version is v2c
[H3c]undo snmp-agent Prohibit the SNMP agent from running; configuring any SNMP command restarts the SNMP agent
[H3c]display snmp-agent community read
[H3c]display snmp-agent sys-info contact
[H3c]display snmp-agent sys-info location
[H3c]display snmp-agent sys-info version
11. IGMP snooping configuration:
IGMP snooping is a multicast constraint mechanism running on a Layer 2 switch for managing and controlling multicast groups. Its main responsibility is to establish and maintain a Layer 2 MAC multicast address table and to forward the multicast packets sent by the router according to that table; if IGMP snooping is not running, multicast packets are broadcast on the Layer 2 network.
IGMP snooping configuration includes: turning IGMP snooping on and off, configuring the router port aging time, configuring the maximum query response time, configuring the multicast group member port aging time, configuring port fast leave, and the debug function
[H3c]igmp-snooping Enable IGMP snooping feature; off by default
[H3c]igmp-snooping router-aging-time 500 Configure the router port aging time as 500s; the default is 105s
[H3c]igmp-snooping max-response-time 15 Configure the maximum query response time as 15s; the default is 10s
[H3c]igmp-snooping host-aging-time 300 Configure the multicast group member port aging time as 300s; the default is 260s
[H3c-ethernet0/3]igmp-snooping fast-leave Configure fast leave: when a leave message is received, the port is deleted immediately without sending a query
[H3c]display igmp-snooping config Display configuration information
[H3c]display igmp-snooping statistics Display packet statistics
[H3c]display igmp-snooping group vlan 2 Display information for IP multicast groups and MAC multicast groups in VLAN2
12. System debug:
[H3c]display debugging Display the status of the debug switches
13. 802.1X configuration:
[H3c-ethernet0/3]dot1x Turn on the 802.1X feature; can also be used in the system view, where it turns the feature on globally, or with interface parameters to turn on 802.1X on the specified ports; all off by default; to enable 802.1X, it must be turned on both globally and on the port
[H3c-ethernet0/3]dot1x port-control unauthorized-force Set the port control mode to forced unauthorized; used in the same way as the dot1x command; the default is auto, that is, access is allowed after authentication; authorized-force is the forced authorized mode, which allows users to access
[H3c-ethernet0/3]dot1x port-method portbased Set the access control method to port-based; used in the same way as the dot1x command; the default is macbased, MAC address-based
[H3c-ethernet0/3]dot1x max-user 10 Set the maximum number of access users on the port to 10; used in the same way as the dot1x command; the default is 128 and the value range is 1-128
[H3c]dot1x authentication-method eap Set the 802.1X user authentication method to EAP, i.e. EAP relay: EAP messages are sent directly to the server; requires server support
[H3c-ethernet0/3]dot1x re-authenticate Turn on the 802.1X re-authentication feature so that the switch re-authenticates periodically; used in the same way as the dot1x command; off on all ports by default
[H3c]dot1x timer handshake-period reauth-period 7200 quiet-period-Tx-period supp-timeout 2 00 Set the 802.1X authentication timers. handshake-period: after authentication succeeds, the system sends a handshake request message at this interval (equivalent to the keepalive message send interval), 1-1024s, default 15s.
reauth-period: re-authentication timeout timer, 1-86400s, default 3600s.
quiet-period: the authenticator's quiet timer after user authentication fails; authentication is processed again after the quiet period, 10-120s, default 60s.
tx-period: transmission timeout timer; if the supplicant fails to send the authentication response message, the authentication request is re-sent, 10-120s, default 30s.
supp-timeout: authentication timeout timer; if the supplicant fails to respond successfully, the authentication request is re-sent, 10-120s, default 30s.
server-timeout: timeout timer for the server failing to respond successfully, 100-300s, default 100s.
[H3c]display dot1x statistics Display 802.1X configuration, operating conditions and statistics
14. RADIUS configuration:
[H3c]radius scheme system Enter the system scheme, whose values are the defaults; the 1550E only supports the default scheme
[H3c-radius-system]primary authentication 10.110.1.1 1812 Set the RADIUS server address and UDP port number; by default, the server IP address in the system scheme is empty and the UDP port number is 1812
[H3c-radius-system]key authentication 123 Set the RADIUS encryption shared key to 123; no shared key by default
[H3c-radius-system]timer 10 Set the RADIUS server response timeout timer, 1-10s; the default is 5s
[H3c-radius-system]retry 10 Set the RADIUS server maximum response retry count to 10; range 1-20 times, default 5 times
[H3c]display radius Display RADIUS scheme information
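The security-relevant settings listed above (passwords and idle timeout in section 1, trunk VLAN permit in section 4, log host in section 8, SNMP community in section 10, 802.1X port control in section 13, RADIUS key in section 14) can be checked in a saved configuration listing. This is an added example, not part of the original article or any H3C tool; the sample configuration is constructed, and the `#` separators, the 12-character threshold and the names `audit`, `RULES` and `MIN_SECRET_LEN` are assumptions.

```python
import re
MIN_SECRET_LEN = 12  # assumed policy threshold, not a value from the page
# Constructed sample in this page's command syntax (not a real device dump).
SAMPLE = """super password h3c
info-center loghost ip 192.168.0.3
snmp-agent community read Bigheap
user-interface vty 0
 idle-timeout 0 0
 set authentication password 123456
#
interface Ethernet0/3
 port trunk permit vlan all
 dot1x port-control authorized-force
#
radius scheme system
 key authentication 123
"""
RULES = [  # a capture group marks a secret whose length is checked
    (r"super password (\S+)", "short super password"),
    (r"set authentication password (\S+)", "short Telnet password"),
    (r"key authentication (\S+)", "short RADIUS shared key"),
    (r"idle-timeout 0(?: 0)?", "idle timeout disabled"),
    (r"port trunk permit vlan all", "trunk permits all VLANs"),
    (r"dot1x port-control authorized-force", "802.1X forced to authorized"),
    (r"snmp-agent community read \S+", "SNMPv1/v2c community sent in cleartext"),
]
VIEWS = ("user-interface ", "interface ", "radius scheme ")

def audit(config_text):
    """Return (view, finding) tuples for one configuration listing."""
    findings, view, has_loghost = [], "system", False
    for raw in config_text.splitlines():
        line = " ".join(raw.split()).lower()  # normalise spacing and case
        if line in ("", "#", "quit"):         # separator: back to system view
            view = "system"
        elif line.startswith(VIEWS):
            view = line
        elif line.startswith("info-center loghost ip "):
            has_loghost = True
        for pattern, label in RULES:
            m = re.fullmatch(pattern, line)
            if m and (not m.groups() or len(m.group(1)) < MIN_SECRET_LEN):
                findings.append((view, label))
    if not has_loghost:
        findings.append(("system", "no log host configured"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Each finding is reported with the view it was set in, so a disabled idle timeout on vty 0 is distinguishable from the same setting on aux 0.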
This article is from the "Chen blog" blog, make sure to keep this source http://chenshengang.blog.51cto.com/4399161/1605868